1. Field of the Invention
The present invention relates to a method and an apparatus for data security, and particularly, to a data security method and apparatus using characteristic-preserving encryption.
2. Discussion of the Related Art
Generally, related art encryption for data security changes the format and the length of the data. Therefore, the schema of a database must be changed to preserve compatibility between the existing database and another database having a different schema.
Accordingly, data encryption is not applied to a traditional database server. Even where data encryption can be applied, the schema of the data must be changed. Therefore, the traditional commands used for reading or inputting data need to be changed in accordance with the changed schema.
Therefore, recently, a separate encryption and decryption module has been included in the database server so that the traditional commands used for reading or inputting data are not changed. Even when such a method is applied, the existing schema of a data table needs to be changed after encryption. Accordingly, a view having the same schema as the table before the change must be generated. Even in this case, a schema change is required in the database server.
Due to the above-described limitations, data encryption is not applied in a database server which has a complicated data schema and is used in the financial industry or in SAP ERP (Enterprise Resource Planning). In SAP ERP, it is impossible to change the internal schema of data.
Even when data security is applied, if encryption and decryption are performed in the database server, an arithmetic operation is performed for each input or read. Therefore, an additional load which did not exist before the encryption is generated in the database server. This degrades the performance of the server environment. This is one of the reasons for the reluctance to use the related art encryption.
When data encryption is performed, the order of the source data is not maintained. In this case, an index search cannot be used. Therefore, after the data encryption, searching for data takes longer than before. This is one of the weaknesses of the related art encryption.
Even though data is encrypted, if the authority to use the encrypted data is not managed, the encrypted data may be decrypted by anyone and leaked. Accordingly, when data is encrypted, the authority for each item of encrypted data needs to be managed. However, to date, no method for solving these limitations has been provided.